Home Forums Signatures Best Practice: Wet-Ink Signatures & Certified Copies Reply To: Best Practice: Wet-Ink Signatures & Certified Copies

Eldin Rammell

When using digital signatures, companies need to be careful about their choice of technology. Whilst all electronic signatures are legally admissible (equivalent to a traditional wet-ink signature), some regulatory agencies have expressed a requirement for specific types of signature. In general, for GCP-regulated activities, digital signatures should be “advanced digital signatures”. A brief overview of the different types of digital signature is provided here: https://www.globalsign.com/en/blog/difference-between-eidas-advanced-and-qualified-electronic-signatures/

A self-certified Adobe signature is not usually considered to be an advanced signature as it is extremely easy to create a false signature. For example, on my laptop I could create a self-certified digital certificate using Adobe Acrobat using the credentials mark.zuckerberg@facebook.com! A document that I sign using Adobe-Sign would look as though it was signed by Mark Zuckerberg and it would be difficult to prove that it hadn’t from the signature. An advanced digital signature on the other hand is uniquely linked to the signatory, usually via a digital certificate that is issued to the signatory based on corroborated evidence of identity (including use of valid email address and password). In some cases, agencies require the next level of signature: a qualified digital signature (e.g. for marketing applications submitted to the FDA or EMA).

Personally, I would not use this requirement as justification to continue with wet-ink; rather to invest a small amount of money in deploying a web-based advanced digital signature solution that meets regulatory requirements. Most advanced digital signature solutions (e.g. DocuSign) show a Return On Investment of 6-12 months, or less.